1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_log_setting 27short_description: Configure general log settings in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify log feature and setting category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 log_setting: 68 description: 69 - Configure general log settings. 70 default: null 71 type: dict 72 suboptions: 73 brief_traffic_format: 74 description: 75 - Enable/disable brief format traffic logging. 76 type: str 77 choices: 78 - enable 79 - disable 80 custom_log_fields: 81 description: 82 - Custom fields to append to all log messages. 83 type: list 84 suboptions: 85 field_id: 86 description: 87 - Custom log field. Source log.custom-field.id. 88 type: str 89 daemon_log: 90 description: 91 - Enable/disable daemon logging. 92 type: str 93 choices: 94 - enable 95 - disable 96 expolicy_implicit_log: 97 description: 98 - Enable/disable explicit proxy firewall implicit policy logging. 99 type: str 100 choices: 101 - enable 102 - disable 103 faz_override: 104 description: 105 - Enable/disable override FortiAnalyzer settings. 106 type: str 107 choices: 108 - enable 109 - disable 110 fortiview_weekly_data: 111 description: 112 - Enable/disable FortiView weekly data. 113 type: str 114 choices: 115 - enable 116 - disable 117 fwpolicy_implicit_log: 118 description: 119 - Enable/disable implicit firewall policy logging. 120 type: str 121 choices: 122 - enable 123 - disable 124 fwpolicy6_implicit_log: 125 description: 126 - Enable/disable implicit firewall policy6 logging. 127 type: str 128 choices: 129 - enable 130 - disable 131 local_in_allow: 132 description: 133 - Enable/disable local-in-allow logging. 134 type: str 135 choices: 136 - enable 137 - disable 138 local_in_deny_broadcast: 139 description: 140 - Enable/disable local-in-deny-broadcast logging. 141 type: str 142 choices: 143 - enable 144 - disable 145 local_in_deny_unicast: 146 description: 147 - Enable/disable local-in-deny-unicast logging. 148 type: str 149 choices: 150 - enable 151 - disable 152 local_out: 153 description: 154 - Enable/disable local-out logging. 155 type: str 156 choices: 157 - enable 158 - disable 159 log_invalid_packet: 160 description: 161 - Enable/disable invalid packet traffic logging. 162 type: str 163 choices: 164 - enable 165 - disable 166 log_policy_comment: 167 description: 168 - Enable/disable inserting policy comments into traffic logs. 169 type: str 170 choices: 171 - enable 172 - disable 173 log_policy_name: 174 description: 175 - Enable/disable inserting policy name into traffic logs. 176 type: str 177 choices: 178 - enable 179 - disable 180 log_user_in_upper: 181 description: 182 - Enable/disable logs with user-in-upper. 183 type: str 184 choices: 185 - enable 186 - disable 187 neighbor_event: 188 description: 189 - Enable/disable neighbor event logging. 190 type: str 191 choices: 192 - enable 193 - disable 194 resolve_ip: 195 description: 196 - Enable/disable adding resolved domain names to traffic logs if possible. 197 type: str 198 choices: 199 - enable 200 - disable 201 resolve_port: 202 description: 203 - Enable/disable adding resolved service names to traffic logs. 204 type: str 205 choices: 206 - enable 207 - disable 208 syslog_override: 209 description: 210 - Enable/disable override Syslog settings. 211 type: str 212 choices: 213 - enable 214 - disable 215 user_anonymize: 216 description: 217 - Enable/disable anonymizing user names in log messages. 218 type: str 219 choices: 220 - enable 221 - disable 222''' 223 224EXAMPLES = ''' 225- hosts: fortigates 226 collections: 227 - fortinet.fortios 228 connection: httpapi 229 vars: 230 vdom: "root" 231 ansible_httpapi_use_ssl: yes 232 ansible_httpapi_validate_certs: no 233 ansible_httpapi_port: 443 234 tasks: 235 - name: Configure general log settings. 236 fortios_log_setting: 237 vdom: "{{ vdom }}" 238 log_setting: 239 brief_traffic_format: "enable" 240 custom_log_fields: 241 - 242 field_id: "<your_own_value> (source log.custom-field.id)" 243 daemon_log: "enable" 244 expolicy_implicit_log: "enable" 245 faz_override: "enable" 246 fortiview_weekly_data: "enable" 247 fwpolicy_implicit_log: "enable" 248 fwpolicy6_implicit_log: "enable" 249 local_in_allow: "enable" 250 local_in_deny_broadcast: "enable" 251 local_in_deny_unicast: "enable" 252 local_out: "enable" 253 log_invalid_packet: "enable" 254 log_policy_comment: "enable" 255 log_policy_name: "enable" 256 log_user_in_upper: "enable" 257 neighbor_event: "enable" 258 resolve_ip: "enable" 259 resolve_port: "enable" 260 syslog_override: "enable" 261 user_anonymize: "enable" 262 263''' 264 265RETURN = ''' 266build: 267 description: Build number of the fortigate image 268 returned: always 269 type: str 270 sample: '1547' 271http_method: 272 description: Last method used to provision the content into FortiGate 273 returned: always 274 type: str 275 sample: 'PUT' 276http_status: 277 description: Last result given by FortiGate on last operation applied 278 returned: always 279 type: str 280 sample: "200" 281mkey: 282 description: Master key (id) used in the last call to FortiGate 283 returned: success 284 type: str 285 sample: "id" 286name: 287 description: Name of the table used to fulfill the request 288 returned: always 289 type: str 290 sample: "urlfilter" 291path: 292 description: Path of the table used to fulfill the request 293 returned: always 294 type: str 295 sample: "webfilter" 296revision: 297 description: Internal revision number 298 returned: always 299 type: str 300 sample: "17.0.2.10658" 301serial: 302 description: Serial number of the unit 303 returned: always 304 type: str 305 sample: "FGVMEVYYQT3AB5352" 306status: 307 description: Indication of the operation's result 308 returned: always 309 type: str 310 sample: "success" 311vdom: 312 description: Virtual domain used 313 returned: always 314 type: str 315 sample: "root" 316version: 317 description: Version of the FortiGate 318 returned: always 319 type: str 320 sample: "v5.6.3" 321 322''' 323from ansible.module_utils.basic import AnsibleModule 324from ansible.module_utils.connection import Connection 325from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 326from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 327from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 328from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 329from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 330from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 331from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 332 333 334def filter_log_setting_data(json): 335 option_list = ['brief_traffic_format', 'custom_log_fields', 'daemon_log', 336 'expolicy_implicit_log', 'faz_override', 'fortiview_weekly_data', 337 'fwpolicy_implicit_log', 'fwpolicy6_implicit_log', 'local_in_allow', 338 'local_in_deny_broadcast', 'local_in_deny_unicast', 'local_out', 339 'log_invalid_packet', 'log_policy_comment', 'log_policy_name', 340 'log_user_in_upper', 'neighbor_event', 'resolve_ip', 341 'resolve_port', 'syslog_override', 'user_anonymize'] 342 dictionary = {} 343 344 for attribute in option_list: 345 if attribute in json and json[attribute] is not None: 346 dictionary[attribute] = json[attribute] 347 348 return dictionary 349 350 351def underscore_to_hyphen(data): 352 if isinstance(data, list): 353 for i, elem in enumerate(data): 354 data[i] = underscore_to_hyphen(elem) 355 elif isinstance(data, dict): 356 new_data = {} 357 for k, v in data.items(): 358 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 359 data = new_data 360 361 return data 362 363 364def log_setting(data, fos): 365 vdom = data['vdom'] 366 log_setting_data = data['log_setting'] 367 filtered_data = underscore_to_hyphen(filter_log_setting_data(log_setting_data)) 368 369 return fos.set('log', 370 'setting', 371 data=filtered_data, 372 vdom=vdom) 373 374 375def is_successful_status(status): 376 return status['status'] == "success" or \ 377 status['http_method'] == "DELETE" and status['http_status'] == 404 378 379 380def fortios_log(data, fos): 381 382 if data['log_setting']: 383 resp = log_setting(data, fos) 384 else: 385 fos._module.fail_json(msg='missing task body: %s' % ('log_setting')) 386 387 return not is_successful_status(resp), \ 388 resp['status'] == "success" and \ 389 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 390 resp 391 392 393versioned_schema = { 394 "type": "dict", 395 "children": { 396 "user_anonymize": { 397 "type": "string", 398 "options": [ 399 { 400 "value": "enable", 401 "revisions": { 402 "v6.0.0": True, 403 "v7.0.0": True, 404 "v6.0.5": True, 405 "v6.4.4": True, 406 "v6.4.0": True, 407 "v6.4.1": True, 408 "v6.2.0": True, 409 "v6.2.3": True, 410 "v6.2.5": True, 411 "v6.2.7": True, 412 "v6.0.11": True 413 } 414 }, 415 { 416 "value": "disable", 417 "revisions": { 418 "v6.0.0": True, 419 "v7.0.0": True, 420 "v6.0.5": True, 421 "v6.4.4": True, 422 "v6.4.0": True, 423 "v6.4.1": True, 424 "v6.2.0": True, 425 "v6.2.3": True, 426 "v6.2.5": True, 427 "v6.2.7": True, 428 "v6.0.11": True 429 } 430 } 431 ], 432 "revisions": { 433 "v6.0.0": True, 434 "v7.0.0": True, 435 "v6.0.5": True, 436 "v6.4.4": True, 437 "v6.4.0": True, 438 "v6.4.1": True, 439 "v6.2.0": True, 440 "v6.2.3": True, 441 "v6.2.5": True, 442 "v6.2.7": True, 443 "v6.0.11": True 444 } 445 }, 446 "expolicy_implicit_log": { 447 "type": "string", 448 "options": [ 449 { 450 "value": "enable", 451 "revisions": { 452 "v6.0.0": True, 453 "v7.0.0": True, 454 "v6.0.5": True, 455 "v6.4.4": True, 456 "v6.4.0": True, 457 "v6.4.1": True, 458 "v6.2.0": True, 459 "v6.2.3": True, 460 "v6.2.5": True, 461 "v6.2.7": True, 462 "v6.0.11": True 463 } 464 }, 465 { 466 "value": "disable", 467 "revisions": { 468 "v6.0.0": True, 469 "v7.0.0": True, 470 "v6.0.5": True, 471 "v6.4.4": True, 472 "v6.4.0": True, 473 "v6.4.1": True, 474 "v6.2.0": True, 475 "v6.2.3": True, 476 "v6.2.5": True, 477 "v6.2.7": True, 478 "v6.0.11": True 479 } 480 } 481 ], 482 "revisions": { 483 "v6.0.0": True, 484 "v7.0.0": True, 485 "v6.0.5": True, 486 "v6.4.4": True, 487 "v6.4.0": True, 488 "v6.4.1": True, 489 "v6.2.0": True, 490 "v6.2.3": True, 491 "v6.2.5": True, 492 "v6.2.7": True, 493 "v6.0.11": True 494 } 495 }, 496 "local_out": { 497 "type": "string", 498 "options": [ 499 { 500 "value": "enable", 501 "revisions": { 502 "v6.0.0": True, 503 "v7.0.0": True, 504 "v6.0.5": True, 505 "v6.4.4": True, 506 "v6.4.0": True, 507 "v6.4.1": True, 508 "v6.2.0": True, 509 "v6.2.3": True, 510 "v6.2.5": True, 511 "v6.2.7": True, 512 "v6.0.11": True 513 } 514 }, 515 { 516 "value": "disable", 517 "revisions": { 518 "v6.0.0": True, 519 "v7.0.0": True, 520 "v6.0.5": True, 521 "v6.4.4": True, 522 "v6.4.0": True, 523 "v6.4.1": True, 524 "v6.2.0": True, 525 "v6.2.3": True, 526 "v6.2.5": True, 527 "v6.2.7": True, 528 "v6.0.11": True 529 } 530 } 531 ], 532 "revisions": { 533 "v6.0.0": True, 534 "v7.0.0": True, 535 "v6.0.5": True, 536 "v6.4.4": True, 537 "v6.4.0": True, 538 "v6.4.1": True, 539 "v6.2.0": True, 540 "v6.2.3": True, 541 "v6.2.5": True, 542 "v6.2.7": True, 543 "v6.0.11": True 544 } 545 }, 546 "fwpolicy_implicit_log": { 547 "type": "string", 548 "options": [ 549 { 550 "value": "enable", 551 "revisions": { 552 "v6.0.0": True, 553 "v7.0.0": True, 554 "v6.0.5": True, 555 "v6.4.4": True, 556 "v6.4.0": True, 557 "v6.4.1": True, 558 "v6.2.0": True, 559 "v6.2.3": True, 560 "v6.2.5": True, 561 "v6.2.7": True, 562 "v6.0.11": True 563 } 564 }, 565 { 566 "value": "disable", 567 "revisions": { 568 "v6.0.0": True, 569 "v7.0.0": True, 570 "v6.0.5": True, 571 "v6.4.4": True, 572 "v6.4.0": True, 573 "v6.4.1": True, 574 "v6.2.0": True, 575 "v6.2.3": True, 576 "v6.2.5": True, 577 "v6.2.7": True, 578 "v6.0.11": True 579 } 580 } 581 ], 582 "revisions": { 583 "v6.0.0": True, 584 "v7.0.0": True, 585 "v6.0.5": True, 586 "v6.4.4": True, 587 "v6.4.0": True, 588 "v6.4.1": True, 589 "v6.2.0": True, 590 "v6.2.3": True, 591 "v6.2.5": True, 592 "v6.2.7": True, 593 "v6.0.11": True 594 } 595 }, 596 "brief_traffic_format": { 597 "type": "string", 598 "options": [ 599 { 600 "value": "enable", 601 "revisions": { 602 "v6.0.0": True, 603 "v7.0.0": True, 604 "v6.0.5": True, 605 "v6.4.4": True, 606 "v6.4.0": True, 607 "v6.4.1": True, 608 "v6.2.0": True, 609 "v6.2.3": True, 610 "v6.2.5": True, 611 "v6.2.7": True, 612 "v6.0.11": True 613 } 614 }, 615 { 616 "value": "disable", 617 "revisions": { 618 "v6.0.0": True, 619 "v7.0.0": True, 620 "v6.0.5": True, 621 "v6.4.4": True, 622 "v6.4.0": True, 623 "v6.4.1": True, 624 "v6.2.0": True, 625 "v6.2.3": True, 626 "v6.2.5": True, 627 "v6.2.7": True, 628 "v6.0.11": True 629 } 630 } 631 ], 632 "revisions": { 633 "v6.0.0": True, 634 "v7.0.0": True, 635 "v6.0.5": True, 636 "v6.4.4": True, 637 "v6.4.0": True, 638 "v6.4.1": True, 639 "v6.2.0": True, 640 "v6.2.3": True, 641 "v6.2.5": True, 642 "v6.2.7": True, 643 "v6.0.11": True 644 } 645 }, 646 "fortiview_weekly_data": { 647 "type": "string", 648 "options": [ 649 { 650 "value": "enable", 651 "revisions": { 652 "v6.0.0": True, 653 "v7.0.0": True, 654 "v6.0.5": True, 655 "v6.4.4": True, 656 "v6.4.0": True, 657 "v6.4.1": True, 658 "v6.2.0": True, 659 "v6.2.3": True, 660 "v6.2.5": True, 661 "v6.2.7": True, 662 "v6.0.11": True 663 } 664 }, 665 { 666 "value": "disable", 667 "revisions": { 668 "v6.0.0": True, 669 "v7.0.0": True, 670 "v6.0.5": True, 671 "v6.4.4": True, 672 "v6.4.0": True, 673 "v6.4.1": True, 674 "v6.2.0": True, 675 "v6.2.3": True, 676 "v6.2.5": True, 677 "v6.2.7": True, 678 "v6.0.11": True 679 } 680 } 681 ], 682 "revisions": { 683 "v6.0.0": True, 684 "v7.0.0": False, 685 "v6.0.5": True, 686 "v6.4.4": True, 687 "v6.4.0": True, 688 "v6.4.1": True, 689 "v6.2.0": True, 690 "v6.2.3": True, 691 "v6.2.5": True, 692 "v6.2.7": True, 693 "v6.0.11": True 694 } 695 }, 696 "log_user_in_upper": { 697 "type": "string", 698 "options": [ 699 { 700 "value": "enable", 701 "revisions": { 702 "v6.0.0": True, 703 "v7.0.0": True, 704 "v6.0.5": True, 705 "v6.4.4": True, 706 "v6.4.0": True, 707 "v6.4.1": True, 708 "v6.2.0": True, 709 "v6.2.3": True, 710 "v6.2.5": True, 711 "v6.2.7": True, 712 "v6.0.11": True 713 } 714 }, 715 { 716 "value": "disable", 717 "revisions": { 718 "v6.0.0": True, 719 "v7.0.0": True, 720 "v6.0.5": True, 721 "v6.4.4": True, 722 "v6.4.0": True, 723 "v6.4.1": True, 724 "v6.2.0": True, 725 "v6.2.3": True, 726 "v6.2.5": True, 727 "v6.2.7": True, 728 "v6.0.11": True 729 } 730 } 731 ], 732 "revisions": { 733 "v6.0.0": True, 734 "v7.0.0": True, 735 "v6.0.5": True, 736 "v6.4.4": True, 737 "v6.4.0": True, 738 "v6.4.1": True, 739 "v6.2.0": True, 740 "v6.2.3": True, 741 "v6.2.5": True, 742 "v6.2.7": True, 743 "v6.0.11": True 744 } 745 }, 746 "log_invalid_packet": { 747 "type": "string", 748 "options": [ 749 { 750 "value": "enable", 751 "revisions": { 752 "v6.0.0": True, 753 "v7.0.0": True, 754 "v6.0.5": True, 755 "v6.4.4": True, 756 "v6.4.0": True, 757 "v6.4.1": True, 758 "v6.2.0": True, 759 "v6.2.3": True, 760 "v6.2.5": True, 761 "v6.2.7": True, 762 "v6.0.11": True 763 } 764 }, 765 { 766 "value": "disable", 767 "revisions": { 768 "v6.0.0": True, 769 "v7.0.0": True, 770 "v6.0.5": True, 771 "v6.4.4": True, 772 "v6.4.0": True, 773 "v6.4.1": True, 774 "v6.2.0": True, 775 "v6.2.3": True, 776 "v6.2.5": True, 777 "v6.2.7": True, 778 "v6.0.11": True 779 } 780 } 781 ], 782 "revisions": { 783 "v6.0.0": True, 784 "v7.0.0": True, 785 "v6.0.5": True, 786 "v6.4.4": True, 787 "v6.4.0": True, 788 "v6.4.1": True, 789 "v6.2.0": True, 790 "v6.2.3": True, 791 "v6.2.5": True, 792 "v6.2.7": True, 793 "v6.0.11": True 794 } 795 }, 796 "log_policy_name": { 797 "type": "string", 798 "options": [ 799 { 800 "value": "enable", 801 "revisions": { 802 "v6.0.0": True, 803 "v6.0.5": True, 804 "v6.2.0": True, 805 "v6.2.3": True, 806 "v6.2.5": True, 807 "v6.2.7": True, 808 "v6.0.11": True 809 } 810 }, 811 { 812 "value": "disable", 813 "revisions": { 814 "v6.0.0": True, 815 "v6.0.5": True, 816 "v6.2.0": True, 817 "v6.2.3": True, 818 "v6.2.5": True, 819 "v6.2.7": True, 820 "v6.0.11": True 821 } 822 } 823 ], 824 "revisions": { 825 "v6.0.0": True, 826 "v7.0.0": False, 827 "v6.0.5": True, 828 "v6.4.4": False, 829 "v6.4.0": False, 830 "v6.4.1": False, 831 "v6.2.0": True, 832 "v6.2.3": True, 833 "v6.2.5": True, 834 "v6.2.7": True, 835 "v6.0.11": True 836 } 837 }, 838 "local_in_deny_unicast": { 839 "type": "string", 840 "options": [ 841 { 842 "value": "enable", 843 "revisions": { 844 "v6.0.0": True, 845 "v7.0.0": True, 846 "v6.0.5": True, 847 "v6.4.4": True, 848 "v6.4.0": True, 849 "v6.4.1": True, 850 "v6.2.0": True, 851 "v6.2.3": True, 852 "v6.2.5": True, 853 "v6.2.7": True, 854 "v6.0.11": True 855 } 856 }, 857 { 858 "value": "disable", 859 "revisions": { 860 "v6.0.0": True, 861 "v7.0.0": True, 862 "v6.0.5": True, 863 "v6.4.4": True, 864 "v6.4.0": True, 865 "v6.4.1": True, 866 "v6.2.0": True, 867 "v6.2.3": True, 868 "v6.2.5": True, 869 "v6.2.7": True, 870 "v6.0.11": True 871 } 872 } 873 ], 874 "revisions": { 875 "v6.0.0": True, 876 "v7.0.0": True, 877 "v6.0.5": True, 878 "v6.4.4": True, 879 "v6.4.0": True, 880 "v6.4.1": True, 881 "v6.2.0": True, 882 "v6.2.3": True, 883 "v6.2.5": True, 884 "v6.2.7": True, 885 "v6.0.11": True 886 } 887 }, 888 "local_in_deny_broadcast": { 889 "type": "string", 890 "options": [ 891 { 892 "value": "enable", 893 "revisions": { 894 "v6.0.0": True, 895 "v7.0.0": True, 896 "v6.0.5": True, 897 "v6.4.4": True, 898 "v6.4.0": True, 899 "v6.4.1": True, 900 "v6.2.0": True, 901 "v6.2.3": True, 902 "v6.2.5": True, 903 "v6.2.7": True, 904 "v6.0.11": True 905 } 906 }, 907 { 908 "value": "disable", 909 "revisions": { 910 "v6.0.0": True, 911 "v7.0.0": True, 912 "v6.0.5": True, 913 "v6.4.4": True, 914 "v6.4.0": True, 915 "v6.4.1": True, 916 "v6.2.0": True, 917 "v6.2.3": True, 918 "v6.2.5": True, 919 "v6.2.7": True, 920 "v6.0.11": True 921 } 922 } 923 ], 924 "revisions": { 925 "v6.0.0": True, 926 "v7.0.0": True, 927 "v6.0.5": True, 928 "v6.4.4": True, 929 "v6.4.0": True, 930 "v6.4.1": True, 931 "v6.2.0": True, 932 "v6.2.3": True, 933 "v6.2.5": True, 934 "v6.2.7": True, 935 "v6.0.11": True 936 } 937 }, 938 "daemon_log": { 939 "type": "string", 940 "options": [ 941 { 942 "value": "enable", 943 "revisions": { 944 "v6.0.0": True, 945 "v7.0.0": True, 946 "v6.0.5": True, 947 "v6.4.4": True, 948 "v6.4.0": True, 949 "v6.4.1": True, 950 "v6.2.0": True, 951 "v6.2.3": True, 952 "v6.2.5": True, 953 "v6.2.7": True, 954 "v6.0.11": True 955 } 956 }, 957 { 958 "value": "disable", 959 "revisions": { 960 "v6.0.0": True, 961 "v7.0.0": True, 962 "v6.0.5": True, 963 "v6.4.4": True, 964 "v6.4.0": True, 965 "v6.4.1": True, 966 "v6.2.0": True, 967 "v6.2.3": True, 968 "v6.2.5": True, 969 "v6.2.7": True, 970 "v6.0.11": True 971 } 972 } 973 ], 974 "revisions": { 975 "v6.0.0": True, 976 "v7.0.0": True, 977 "v6.0.5": True, 978 "v6.4.4": True, 979 "v6.4.0": True, 980 "v6.4.1": True, 981 "v6.2.0": True, 982 "v6.2.3": True, 983 "v6.2.5": True, 984 "v6.2.7": True, 985 "v6.0.11": True 986 } 987 }, 988 "neighbor_event": { 989 "type": "string", 990 "options": [ 991 { 992 "value": "enable", 993 "revisions": { 994 "v6.0.0": True, 995 "v7.0.0": True, 996 "v6.0.5": True, 997 "v6.4.4": True, 998 "v6.4.0": True, 999 "v6.4.1": True, 1000 "v6.2.0": True, 1001 "v6.2.3": True, 1002 "v6.2.5": True, 1003 "v6.2.7": True, 1004 "v6.0.11": True 1005 } 1006 }, 1007 { 1008 "value": "disable", 1009 "revisions": { 1010 "v6.0.0": True, 1011 "v7.0.0": True, 1012 "v6.0.5": True, 1013 "v6.4.4": True, 1014 "v6.4.0": True, 1015 "v6.4.1": True, 1016 "v6.2.0": True, 1017 "v6.2.3": True, 1018 "v6.2.5": True, 1019 "v6.2.7": True, 1020 "v6.0.11": True 1021 } 1022 } 1023 ], 1024 "revisions": { 1025 "v6.0.0": True, 1026 "v7.0.0": True, 1027 "v6.0.5": True, 1028 "v6.4.4": True, 1029 "v6.4.0": True, 1030 "v6.4.1": True, 1031 "v6.2.0": True, 1032 "v6.2.3": True, 1033 "v6.2.5": True, 1034 "v6.2.7": True, 1035 "v6.0.11": True 1036 } 1037 }, 1038 "resolve_port": { 1039 "type": "string", 1040 "options": [ 1041 { 1042 "value": "enable", 1043 "revisions": { 1044 "v6.0.0": True, 1045 "v7.0.0": True, 1046 "v6.0.5": True, 1047 "v6.4.4": True, 1048 "v6.4.0": True, 1049 "v6.4.1": True, 1050 "v6.2.0": True, 1051 "v6.2.3": True, 1052 "v6.2.5": True, 1053 "v6.2.7": True, 1054 "v6.0.11": True 1055 } 1056 }, 1057 { 1058 "value": "disable", 1059 "revisions": { 1060 "v6.0.0": True, 1061 "v7.0.0": True, 1062 "v6.0.5": True, 1063 "v6.4.4": True, 1064 "v6.4.0": True, 1065 "v6.4.1": True, 1066 "v6.2.0": True, 1067 "v6.2.3": True, 1068 "v6.2.5": True, 1069 "v6.2.7": True, 1070 "v6.0.11": True 1071 } 1072 } 1073 ], 1074 "revisions": { 1075 "v6.0.0": True, 1076 "v7.0.0": True, 1077 "v6.0.5": True, 1078 "v6.4.4": True, 1079 "v6.4.0": True, 1080 "v6.4.1": True, 1081 "v6.2.0": True, 1082 "v6.2.3": True, 1083 "v6.2.5": True, 1084 "v6.2.7": True, 1085 "v6.0.11": True 1086 } 1087 }, 1088 "faz_override": { 1089 "type": "string", 1090 "options": [ 1091 { 1092 "value": "enable", 1093 "revisions": { 1094 "v7.0.0": True, 1095 "v6.4.4": True, 1096 "v6.4.0": True, 1097 "v6.4.1": True, 1098 "v6.2.0": True, 1099 "v6.2.3": True, 1100 "v6.2.5": True, 1101 "v6.2.7": True 1102 } 1103 }, 1104 { 1105 "value": "disable", 1106 "revisions": { 1107 "v7.0.0": True, 1108 "v6.4.4": True, 1109 "v6.4.0": True, 1110 "v6.4.1": True, 1111 "v6.2.0": True, 1112 "v6.2.3": True, 1113 "v6.2.5": True, 1114 "v6.2.7": True 1115 } 1116 } 1117 ], 1118 "revisions": { 1119 "v7.0.0": True, 1120 "v6.4.4": True, 1121 "v6.4.0": True, 1122 "v6.4.1": True, 1123 "v6.2.0": True, 1124 "v6.2.3": True, 1125 "v6.2.5": True, 1126 "v6.2.7": True 1127 } 1128 }, 1129 "syslog_override": { 1130 "type": "string", 1131 "options": [ 1132 { 1133 "value": "enable", 1134 "revisions": { 1135 "v7.0.0": True, 1136 "v6.4.4": True, 1137 "v6.4.0": True, 1138 "v6.4.1": True, 1139 "v6.2.0": True, 1140 "v6.2.3": True, 1141 "v6.2.5": True, 1142 "v6.2.7": True 1143 } 1144 }, 1145 { 1146 "value": "disable", 1147 "revisions": { 1148 "v7.0.0": True, 1149 "v6.4.4": True, 1150 "v6.4.0": True, 1151 "v6.4.1": True, 1152 "v6.2.0": True, 1153 "v6.2.3": True, 1154 "v6.2.5": True, 1155 "v6.2.7": True 1156 } 1157 } 1158 ], 1159 "revisions": { 1160 "v7.0.0": True, 1161 "v6.4.4": True, 1162 "v6.4.0": True, 1163 "v6.4.1": True, 1164 "v6.2.0": True, 1165 "v6.2.3": True, 1166 "v6.2.5": True, 1167 "v6.2.7": True 1168 } 1169 }, 1170 "log_policy_comment": { 1171 "type": "string", 1172 "options": [ 1173 { 1174 "value": "enable", 1175 "revisions": { 1176 "v6.0.0": True, 1177 "v7.0.0": True, 1178 "v6.0.5": True, 1179 "v6.4.4": True, 1180 "v6.4.0": True, 1181 "v6.4.1": True, 1182 "v6.2.0": True, 1183 "v6.2.3": True, 1184 "v6.2.5": True, 1185 "v6.2.7": True, 1186 "v6.0.11": True 1187 } 1188 }, 1189 { 1190 "value": "disable", 1191 "revisions": { 1192 "v6.0.0": True, 1193 "v7.0.0": True, 1194 "v6.0.5": True, 1195 "v6.4.4": True, 1196 "v6.4.0": True, 1197 "v6.4.1": True, 1198 "v6.2.0": True, 1199 "v6.2.3": True, 1200 "v6.2.5": True, 1201 "v6.2.7": True, 1202 "v6.0.11": True 1203 } 1204 } 1205 ], 1206 "revisions": { 1207 "v6.0.0": True, 1208 "v7.0.0": True, 1209 "v6.0.5": True, 1210 "v6.4.4": True, 1211 "v6.4.0": True, 1212 "v6.4.1": True, 1213 "v6.2.0": True, 1214 "v6.2.3": True, 1215 "v6.2.5": True, 1216 "v6.2.7": True, 1217 "v6.0.11": True 1218 } 1219 }, 1220 "local_in_allow": { 1221 "type": "string", 1222 "options": [ 1223 { 1224 "value": "enable", 1225 "revisions": { 1226 "v6.0.0": True, 1227 "v7.0.0": True, 1228 "v6.0.5": True, 1229 "v6.4.4": True, 1230 "v6.4.0": True, 1231 "v6.4.1": True, 1232 "v6.2.0": True, 1233 "v6.2.3": True, 1234 "v6.2.5": True, 1235 "v6.2.7": True, 1236 "v6.0.11": True 1237 } 1238 }, 1239 { 1240 "value": "disable", 1241 "revisions": { 1242 "v6.0.0": True, 1243 "v7.0.0": True, 1244 "v6.0.5": True, 1245 "v6.4.4": True, 1246 "v6.4.0": True, 1247 "v6.4.1": True, 1248 "v6.2.0": True, 1249 "v6.2.3": True, 1250 "v6.2.5": True, 1251 "v6.2.7": True, 1252 "v6.0.11": True 1253 } 1254 } 1255 ], 1256 "revisions": { 1257 "v6.0.0": True, 1258 "v7.0.0": True, 1259 "v6.0.5": True, 1260 "v6.4.4": True, 1261 "v6.4.0": True, 1262 "v6.4.1": True, 1263 "v6.2.0": True, 1264 "v6.2.3": True, 1265 "v6.2.5": True, 1266 "v6.2.7": True, 1267 "v6.0.11": True 1268 } 1269 }, 1270 "resolve_ip": { 1271 "type": "string", 1272 "options": [ 1273 { 1274 "value": "enable", 1275 "revisions": { 1276 "v6.0.0": True, 1277 "v7.0.0": True, 1278 "v6.0.5": True, 1279 "v6.4.4": True, 1280 "v6.4.0": True, 1281 "v6.4.1": True, 1282 "v6.2.0": True, 1283 "v6.2.3": True, 1284 "v6.2.5": True, 1285 "v6.2.7": True, 1286 "v6.0.11": True 1287 } 1288 }, 1289 { 1290 "value": "disable", 1291 "revisions": { 1292 "v6.0.0": True, 1293 "v7.0.0": True, 1294 "v6.0.5": True, 1295 "v6.4.4": True, 1296 "v6.4.0": True, 1297 "v6.4.1": True, 1298 "v6.2.0": True, 1299 "v6.2.3": True, 1300 "v6.2.5": True, 1301 "v6.2.7": True, 1302 "v6.0.11": True 1303 } 1304 } 1305 ], 1306 "revisions": { 1307 "v6.0.0": True, 1308 "v7.0.0": True, 1309 "v6.0.5": True, 1310 "v6.4.4": True, 1311 "v6.4.0": True, 1312 "v6.4.1": True, 1313 "v6.2.0": True, 1314 "v6.2.3": True, 1315 "v6.2.5": True, 1316 "v6.2.7": True, 1317 "v6.0.11": True 1318 } 1319 }, 1320 "fwpolicy6_implicit_log": { 1321 "type": "string", 1322 "options": [ 1323 { 1324 "value": "enable", 1325 "revisions": { 1326 "v6.0.0": True, 1327 "v7.0.0": True, 1328 "v6.0.5": True, 1329 "v6.4.4": True, 1330 "v6.4.0": True, 1331 "v6.4.1": True, 1332 "v6.2.0": True, 1333 "v6.2.3": True, 1334 "v6.2.5": True, 1335 "v6.2.7": True, 1336 "v6.0.11": True 1337 } 1338 }, 1339 { 1340 "value": "disable", 1341 "revisions": { 1342 "v6.0.0": True, 1343 "v7.0.0": True, 1344 "v6.0.5": True, 1345 "v6.4.4": True, 1346 "v6.4.0": True, 1347 "v6.4.1": True, 1348 "v6.2.0": True, 1349 "v6.2.3": True, 1350 "v6.2.5": True, 1351 "v6.2.7": True, 1352 "v6.0.11": True 1353 } 1354 } 1355 ], 1356 "revisions": { 1357 "v6.0.0": True, 1358 "v7.0.0": True, 1359 "v6.0.5": True, 1360 "v6.4.4": True, 1361 "v6.4.0": True, 1362 "v6.4.1": True, 1363 "v6.2.0": True, 1364 "v6.2.3": True, 1365 "v6.2.5": True, 1366 "v6.2.7": True, 1367 "v6.0.11": True 1368 } 1369 }, 1370 "custom_log_fields": { 1371 "type": "list", 1372 "children": { 1373 "field_id": { 1374 "type": "string", 1375 "revisions": { 1376 "v6.0.0": True, 1377 "v7.0.0": True, 1378 "v6.0.5": True, 1379 "v6.4.4": True, 1380 "v6.4.0": True, 1381 "v6.4.1": True, 1382 "v6.2.0": True, 1383 "v6.2.3": True, 1384 "v6.2.5": True, 1385 "v6.2.7": True, 1386 "v6.0.11": True 1387 } 1388 } 1389 }, 1390 "revisions": { 1391 "v6.0.0": True, 1392 "v7.0.0": True, 1393 "v6.0.5": True, 1394 "v6.4.4": True, 1395 "v6.4.0": True, 1396 "v6.4.1": True, 1397 "v6.2.0": True, 1398 "v6.2.3": True, 1399 "v6.2.5": True, 1400 "v6.2.7": True, 1401 "v6.0.11": True 1402 } 1403 } 1404 }, 1405 "revisions": { 1406 "v6.0.0": True, 1407 "v7.0.0": True, 1408 "v6.0.5": True, 1409 "v6.4.4": True, 1410 "v6.4.0": True, 1411 "v6.4.1": True, 1412 "v6.2.0": True, 1413 "v6.2.3": True, 1414 "v6.2.5": True, 1415 "v6.2.7": True, 1416 "v6.0.11": True 1417 } 1418} 1419 1420 1421def main(): 1422 module_spec = schema_to_module_spec(versioned_schema) 1423 mkeyname = None 1424 fields = { 1425 "access_token": {"required": False, "type": "str", "no_log": True}, 1426 "enable_log": {"required": False, "type": bool}, 1427 "vdom": {"required": False, "type": "str", "default": "root"}, 1428 "log_setting": { 1429 "required": False, "type": "dict", "default": None, 1430 "options": { 1431 } 1432 } 1433 } 1434 for attribute_name in module_spec['options']: 1435 fields["log_setting"]['options'][attribute_name] = module_spec['options'][attribute_name] 1436 if mkeyname and mkeyname == attribute_name: 1437 fields["log_setting"]['options'][attribute_name]['required'] = True 1438 1439 check_legacy_fortiosapi() 1440 module = AnsibleModule(argument_spec=fields, 1441 supports_check_mode=False) 1442 1443 versions_check_result = None 1444 if module._socket_path: 1445 connection = Connection(module._socket_path) 1446 if 'access_token' in module.params: 1447 connection.set_option('access_token', module.params['access_token']) 1448 1449 if 'enable_log' in module.params: 1450 connection.set_option('enable_log', module.params['enable_log']) 1451 else: 1452 connection.set_option('enable_log', False) 1453 fos = FortiOSHandler(connection, module, mkeyname) 1454 versions_check_result = check_schema_versioning(fos, versioned_schema, "log_setting") 1455 1456 is_error, has_changed, result = fortios_log(module.params, fos) 1457 1458 else: 1459 module.fail_json(**FAIL_SOCKET_MSG) 1460 1461 if versions_check_result and versions_check_result['matched'] is False: 1462 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1463 1464 if not is_error: 1465 if versions_check_result and versions_check_result['matched'] is False: 1466 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1467 else: 1468 module.exit_json(changed=has_changed, meta=result) 1469 else: 1470 if versions_check_result and versions_check_result['matched'] is False: 1471 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1472 else: 1473 module.fail_json(msg="Error in repo", meta=result) 1474 1475 1476if __name__ == '__main__': 1477 main() 1478